fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-09 08:50:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

wifi: merge branch 'wifi-auth-alg-general-fixes'

Browse source 
Some fixes for creating wpa_supplicant config.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/826
This commit is contained in:
Beniamino Galvani 2021-04-30 08:30:42 +00:00
commit d65b67e381
3 changed files with 69 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
src/core/supplicant/nm-supplicant-config.c
View file

@ -883,9 +883,6 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig *
g_string_append(key_mgmt_conf, " ft-sae");
} else if (nm_streq(key_mgmt, "wpa-eap-suite-b-192")) {
pmf = NM_SETTING_WIRELESS_SECURITY_PMF_REQUIRED;
if (!nm_supplicant_config_add_option(self, "pairwise", "GCMP-256", -1, NULL, error)
|| !nm_supplicant_config_add_option(self, "group", "GCMP-256", -1, NULL, error))
return FALSE;
}
if (!add_string_val(self, key_mgmt_conf->str, "key_mgmt", TRUE, NULL, error))
@ -954,10 +951,6 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig *
}
}
/* Don't try to enable PMF on non-WPA/SAE/OWE networks */
if (!NM_IN_STRSET(key_mgmt, "wpa-eap", "wpa-eap-suite-b-192", "wpa-psk", "sae", "owe"))
pmf = NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE;
/* Check if we actually support PMF */
set_pmf = TRUE;
if (!_get_capability(priv, NM_SUPPL_CAP_TYPE_PMF)) {
@ -972,7 +965,7 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig *
}
/* Only WPA-specific things when using WPA */
if (NM_IN_STRSET(key_mgmt, "wpa-psk", "wpa-eap", "sae", "owe")) {
if (NM_IN_STRSET(key_mgmt, "owe", "wpa-psk", "sae", "wpa-eap", "wpa-eap-suite-b-192")) {
if (!ADD_STRING_LIST_VAL(self,
setting,
wireless_security,
@ -984,29 +977,40 @@ nm_supplicant_config_add_setting_wireless_security(NMSupplicantConfig *
NULL,
error))
return FALSE;
if (!ADD_STRING_LIST_VAL(self,
setting,
wireless_security,
pairwise,
pairwise,
"pairwise",
' ',
TRUE,
NULL,
error))
return FALSE;
if (!ADD_STRING_LIST_VAL(self,
setting,
wireless_security,
group,
groups,
"group",
' ',
TRUE,
NULL,
error))
return FALSE;
if (nm_streq(key_mgmt, "wpa-eap-suite-b-192")) {
if (!nm_supplicant_config_add_option(self, "pairwise", "GCMP-256", -1, NULL, error))
return FALSE;
if (!nm_supplicant_config_add_option(self, "group", "GCMP-256", -1, NULL, error))
return FALSE;
} else {
if (!ADD_STRING_LIST_VAL(self,
setting,
wireless_security,
pairwise,
pairwise,
"pairwise",
' ',
TRUE,
NULL,
error))
return FALSE;
if (!ADD_STRING_LIST_VAL(self,
setting,
wireless_security,
group,
groups,
"group",
' ',
TRUE,
NULL,
error))
return FALSE;
}
/* We set the supplicants global "pmf" config value to "1" (optional),
* so no need to set it network-specific again if PMF_OPTIONAL is set.
*/
if (set_pmf
&& NM_IN_SET(pmf,
NM_SETTING_WIRELESS_SECURITY_PMF_DISABLE,

3
src/core/supplicant/tests/test-supplicant-config.c
View file

@ -815,9 +815,10 @@ test_wifi_eap_suite_b_generation(void)
NMTST_EXPECT_NM_INFO("Config: added 'scan_ssid' value '1'*");
NMTST_EXPECT_NM_INFO("Config: added 'bssid' value '11:22:33:44:55:66'*");
NMTST_EXPECT_NM_INFO("Config: added 'freq_list' value *");
NMTST_EXPECT_NM_INFO("Config: added 'key_mgmt' value 'WPA-EAP-SUITE-B-192'");
NMTST_EXPECT_NM_INFO("Config: added 'pairwise' value 'GCMP-256'");
NMTST_EXPECT_NM_INFO("Config: added 'group' value 'GCMP-256'");
NMTST_EXPECT_NM_INFO("Config: added 'key_mgmt' value 'WPA-EAP-SUITE-B-192'");
NMTST_EXPECT_NM_INFO("Config: added 'ieee80211w' value '2'");
NMTST_EXPECT_NM_INFO("Config: added 'eap' value 'TLS'");
NMTST_EXPECT_NM_INFO("Config: added 'fragment_size' value '1086'");
NMTST_EXPECT_NM_INFO("Config: added 'ca_cert' value '*/test-ca-cert.pem'");

67
src/libnm-core-impl/nm-setting-wireless-security.c
View file

@ -904,33 +904,32 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
return FALSE;
}
if (g_strcmp0(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH) == 0) {
if ((strcmp(priv->key_mgmt, "none") == 0) || (strcmp(priv->key_mgmt, "sae") == 0)) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid value for '%s' mode connections"),
priv->key_mgmt,
NM_SETTING_WIRELESS_MODE_MESH);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
} else {
if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid value for the property"),
priv->key_mgmt);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
if (!g_strv_contains(valid_key_mgmt, priv->key_mgmt)) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid value for the property"),
priv->key_mgmt);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
if (NM_IN_STRSET(wifi_mode, NM_SETTING_WIRELESS_MODE_MESH)
&& !NM_IN_STRSET(priv->key_mgmt, "none", "sae")) {
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' is not a valid value for '%s' mode connections"),
priv->key_mgmt,
NM_SETTING_WIRELESS_MODE_MESH);
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,
NM_SETTING_WIRELESS_SECURITY_KEY_MGMT);
return FALSE;
}
if (priv->auth_alg && !strcmp(priv->auth_alg, "leap")) {
@ -1104,13 +1103,13 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
"wpa-psk",
"sae",
"owe")) {
g_set_error(
error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' can only be used with 'wpa-eap', 'wpa-eap-suite-b-192', 'wpa-psk' or 'sae' key "
"management "),
priv->pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "optional" : "required");
g_set_error(error,
NM_CONNECTION_ERROR,
NM_CONNECTION_ERROR_INVALID_PROPERTY,
_("'%s' can only be used with 'owe', 'wpa-psk', 'sae', 'wpa-eap' "
"or 'wpa-eap-suite-b-192' key management"),
priv->pmf == NM_SETTING_WIRELESS_SECURITY_PMF_OPTIONAL ? "optional"
: "required");
g_prefix_error(error,
"%s.%s: ",
NM_SETTING_WIRELESS_SECURITY_SETTING_NAME,